TPM

Posted: 15. Jan 2019, 10:35
by Joho
Folks,
TPM (Trusted Platform Module) support became necessary.
I am using VirtualBox to run Windows 10 as a guest on an Ubuntu 18 host. The company setup of Windows 10 requires access to the TPM to function properly.
Running Windows 10 without having a TPM is not supported by our corporate setup.
This might become a trend in other companies as well.

Please consider adding virtual TPM support.
THANK YOU.
Joho

Re: TPM

Posted: 15. Jan 2019, 12:06
by mpack
I suggest that you check out the new features in VirtualBox 6.0.0. Of course these features will probably take a few maintenance updates to bed in.

Re: TPM

Posted: 15. Jan 2019, 12:21
by socratis
mpack wrote: I suggest that you check out the new features in VirtualBox 6.0.0.
mpack, I haven't seen any references regarding TPM in VirtualBox 6.0.0, or in general...
Joho wrote: Running Windows 10 without having a TPM is not supported by our corporate setup. This might become a trend in other companies as well.
Well, yours and the rest of the companies could buy some support contracts from Oracle and fund in a sense the development of TPM. Your companies (and perhaps a user or two here and there) would be thankful! ;)

Re: TPM

Posted: 15. Jan 2019, 14:16
by mpack
TPM is one of the newish Win10 security features based on Hyper-V, is it not? In which case v6 has a potential approach.

Re: TPM

Posted: 15. Jan 2019, 14:34
by andyp73
To do it properly I would expect that either the host's TPM hardware will need to be passed to the guest (I haven't checked so don't know if that is actually possible) or a virtual TPM will need to be created. I think one exists in KVM which might be a useful starting point if someone wanted to do it.

-Andy.

Re: TPM

Posted: 15. Jan 2019, 15:38
by socratis
TPM (Trusted Platform Module) AFAIK as it is implemented on a PC, involves a chip in the motherboard. This is something that VirtualBox would have to include either in the BIOS (I don't think so, you can forget the VirtualBox BIOS evolving to include that), or in the EFI (more probable). So far, there's nothing there...

Re: TPM

Posted: 15. Jan 2019, 15:51
by mpack
Ah, I hadn't interpreted the OP's post as saying that the guest had to have TPM access, just that it had to be compatible with it. I don't know why a guest would be restricted to the same Win10 image that the host uses; I guess they want to use the same corporate license.

Re: TPM

Posted: 15. Jan 2019, 17:00
by socratis
andyp73 wrote: To do it properly I would expect that either the host's TPM hardware will need to be passed to the guest
They're already doing something like that with the Apple SCM chip when booting in EFI. That's why you can only boot genuine OSX guests on OSX hosts. Maybe (no clue) something like that could be implemented for the TPM chip...

Re: TPM

Posted: 1. Jul 2019, 10:41
by Steve Cliff
A few months old I know but very relevant to my needs currently :)

TPM shouldn't be tied to the underlying hardware of the host but must be virtual IMO - if not then if you were to spin up two VMs they would have to share the same security principles - not good!
VMware Workstation seems to have implemented a good solution here - they currently support TPM 2.0 virtually so no crossover between VMs and up-to-date v2 so that it can be used with the latest Microsoft "Intune" stuff that corporates tend to like.

Would love to see this in VirtualBox, although my 30 year old BASIC experience probably won't be up-to-scratch for it - lol!

Re: TPM

Posted: 1. Jul 2019, 10:44
by Steve Cliff
mpack wrote: TPM is one of the newish Win10 security features based on Hyper-V, is it not? ...
Just for info, it's at BIOS/EFI level and doesn't need Hyper-V support to be enabled.

Re: TPM

Posted: 25. Jun 2021, 08:24
by bluegroper
It seems that VMware Workstation has a virtualized TPM.
https://www.prajwaldesai.com/enable-tru ... l-machine/

We hope this feature comes soon to VirtualBox, since it's prolly gonna be needed for windoze 11.

Re: TPM

Posted: 25. Jun 2021, 22:02
by krafty11
bluegroper wrote: It seems that VMware Workstation has a virtualized TPM.

We hope this feature comes soon to VirtualBox, since it's prolly gonna be needed for windoze 11.
Yes, I've just been looking for the exact same reason: pre-release Windows 11 testing is starting next week.

Re: TPM

Posted: 26. Jun 2021, 11:05
by mpack
Is it definitely going to be needed for Win11? Because that would exclude Win11 from running on a bunch of older PCs.

Re: TPM

Posted: 26. Jun 2021, 12:46
by multiOS
Yes, it is a requirement:

- https://www.microsoft.com/en-gb/windows ... ifications

Many of Microsoft's own Surface range of computers (apart from more recent releases) don't seem to meet the minimum requirements for Windows 11, e.g. Surface Book 1 and Surface Pros prior to Surface Pro 6, so there could be a lot of disappointed owners of 'not so old' PCs. Seems close to Apple's long-standing approach to limiting OS upgrade installations on 'older' hardware.

Re: TPM

Posted: 26. Jun 2021, 15:34
by fth0
mpack wrote: Is it definitely going to be needed for Win11?
multiOS wrote: Yes, it is a requirement:
Well, yes and no. IMHO, a TPM 2.0 is a requirement for physical hardware, but not for virtual machines. Download the Windows 11 minimum hardware requirements document linked within Windows minimum hardware requirements, and especially read chapter 5, which is about virtual machines.

Regarding physical hardware, a TPM 2.0 was already a requirement for Windows 10 PCs built after July 2016, so it isn't even a new requirement, only the enforcement is new.
mpack wrote: Because that would exclude Win11 from running on a bunch of older PCs.
That will already be enforced by the CPU requirement (e.g. Intel 8th gen. CPUs). See Windows Processor Requirements for the details.